nouvakis 0 Posted October 31, 2019 (edited)

I am trying to upload to a server (it reports UNIX Type: L8) using SSL. It fails when trying to get Dir List (using TIcsFtpMulti waiting Timeout=600).

Is there any way to overcome this problem?

PS: the same server responds well if I don't use SSL.

Edited October 31, 2019 by nouvakis

nouvakis 0 Posted November 1, 2019

1 hour ago, nouvakis said:
    I am trying to upload to a server (it reports UNIX Type: L8) using SSL. It fails when trying to get Dir List (using TIcsFtpMulti waiting Timeout=600). Is there any way to overcome this problem? PS: the same server responds well if I don't use SSL.

Searching with Google, I found this: https://superuser.com/questions/1195462/server-sent-passive-reply-with-unroutable-address-in-filezilla

I think that the server is not configured correctly, and it answers the PASV command with its local address.

Indeed, debugging, I found that the original address is

Quote
    < 220 GSN (sch.gr) ftp Server
    FTP Session Connected OK to: 194.63.239.5:21

but later I get

Quote
    < 227 Entering Passive Mode (10,2,34,21,196,235).
    02:02:07:732 TWSocket will connect to 10.2.34.21:50411

I assume that 10.2.34.21 is its local address and this is the problem.

In the above article, the writer says:

Quote
    When encountering this, FileZilla tries to connect to the primary address of the FTP server instead, as that is usually the correct address to use. So in most cases you won't notice the problem at all.

Angus Robertson 574 Posted November 1, 2019

Yes, this issue was discussed here last week relating to the ICS FTP server behind a NAT router. In the past, routers were able to manipulate the control channel to change the private IP address to public, but it seems FTP is now considered a legacy protocol and newer routers don't bother. Also SSL stops the router seeing the control channel, one reason you can configure SSL on data but leave the control channel clear.

I like FileZilla's idea of re-using the earlier public address, I'll have a look and see if that can be done in ICS, as an option.

Angus

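The fallback discussed in the posts above, sketched as an added example (not part of the thread, and not ICS or FileZilla code): parse the 227 reply and, when it advertises an unroutable address while the control connection went to a public one, reuse the control-connection address. The function names and the LAN sample are constructed for illustration; the reply and the address 194.63.239.5 are the ones from the debug log quoted above.

```python
import ipaddress
import re

# The (h1,h2,h3,h4,p1,p2) tuple of an RFC 959 "227" reply.
PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (IPv4Address, port) advertised in a 227 reply, else ValueError."""
    if not reply.lstrip("< ").startswith("227"):
        raise ValueError("not a 227 reply: %r" % reply)
    m = PASV_RE.search(reply)
    if m is None:
        raise ValueError("no address tuple in reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range in reply: %r" % reply)
    host = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return host, nums[4] * 256 + nums[5]


def data_endpoint(reply, control_peer):
    """Choose where to open the data connection.

    Returns (ip, port, substituted). The advertised address is replaced by
    the control-connection peer only when it is unroutable from a client
    that reached the server at a public address.
    """
    advertised, port = parse_pasv(reply)
    peer = ipaddress.ip_address(control_peer)
    unroutable = (advertised.is_private or advertised.is_loopback
                  or advertised.is_link_local or advertised.is_unspecified)
    # On a LAN the peer is private too, and a private PASV address is normal.
    if unroutable and peer.is_global and advertised != peer:
        return str(peer), port, True
    return str(advertised), port, False


if __name__ == "__main__":
    # Reply and control address as shown in the debug log quoted in the thread.
    reply = "< 227 Entering Passive Mode (10,2,34,21,196,235)."
    print(data_endpoint(reply, "194.63.239.5"))
    # Constructed LAN case: private peer, so the advertised address is kept.
    print(data_endpoint("227 Entering Passive Mode (192,168,1,10,4,1)", "192.168.1.1"))
```

Logging every case where `substituted` is true keeps the server-side misconfiguration visible instead of silently hiding it.
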
Fr0sT.Brutal 900 Posted November 1, 2019

In general, a peer couldn't reliably know its external address unless it connects to some remote server and asks him "what's my ip dude". That's why servers that require knowing their own external address usually have a manually editable setting. I'd say that FTP server is configured incorrectly, and besides tweaking your side you could write to its owner.

Angus Robertson 574 Posted November 1, 2019

Misconfiguration of NAT'd FTP servers is common, I only corrected one of mine this week. So if the client can help, it's worth a little effort.

The STUN protocol allows determination of the public IP address behind NAT, and a STUN component has been on my ICS wish list for a few years, maybe I'll finally write it. Won't help me though, since my development servers behind NAT have several different IPv4 and IPv6 addresses on two different ISPs.

Angus

Fr0sT.Brutal 900 Posted November 1, 2019

1 hour ago, Angus Robertson said:
    So if the client can help, it's worth a little effort.

Misconfig affects all users... and too tolerant client tools are making admins too lazy xDDD